BitDrones Are Awesome, Ridiculous At Same Time

At first we thought it was awesome, then we thought it was ridiculous, and now we’re pretty much settled on “ridiculawesome”.

Bitdrones is a prototype of a human-computer interaction that uses tiny quadcopters as pixels in a 3D immersive display. That’s the super-cool part. “PixelDrones” have an LED on top. “ShapeDrones” have a gauzy cage that get illuminated by color LEDs, making them into life-size color voxels. (Cool!) Finally, a “DisplayDrone” has a touchscreen mounted to it. A computer tracks each drone’s location in the room, and they work together to create a walk-in 3D “display”. So far, so awesome.

It gets even better. Because the program that commands the drones knows where each drone is, it can tell when you’ve moved a drone around in space. That’s extremely cool, and opens up the platform to new interactions. And the DisplayDrone is like a tiny flying cellphone, so you can chat hands-free with your friends who hover around your room. Check out the video embedded below the break.

Continue reading “BitDrones Are Awesome, Ridiculous At Same Time”

The USB Killer – Now A Crowdfunding Campaign

Kickstarter, Indiegogo, and every other crowdfunding site out there frequently have projects that should never be products. The latest promises to protect you from security breaches and identity theft by blowing up your computer. It’s the USB Killer, and for only $99 USD, you too can destroy the USB port in your computer and everything else attached to it.

The USB Killer is a device that plugs into the USB port on any computer, charges up several caps, and dumps all that voltage back into the computer. The process repeats until something breaks. We’ve seen it used on a poor Thinkpad X60, and from the video evidence it does exactly what it’s designed to do: kill a computer.

The Indiegogo campaign for the USB killer comes with a web page for the campaign that goes over the function of the device in much more detail. Inside the USB killer is a DC/DC converter that charges a few capacitors to -110V. When the caps are charged, that voltage is dumped back into the USB port where something will happen. Somewhat surprisingly, the folks behind the USB Killer have a video of a computer not dying when the USB Killer is plugged in. Only killing the USB port in a computer is not a guaranteed functionality, as the Indiegogo campaign has the following disclaimer: “Please be aware: USB Killer may cause damage to the motherboard, depending on your computer. By making a pre-order you acknowledge that you are aware of this fact.”

Three Watt Individually Addressable RGB LEDs

While the gold standard for colorful blinky projects are individually controllable RGB LEDs, the usual offerings aren’t really that impressive. Yes, a few hundred Neopixels, WS2812, or other RGB LEDs will sear your retinas, but what if you wanted blinky glowy stuff that is so over the top as to be an affront to whatever creator you believe in?

This is it. [Ytai Ben-Tsvi] created an individually addressable RGB LED called the Pixie that is perfect for all the times when you need something bright, colorful, and want to blind a few people in the process.

WS2812s and Neopixels are basically RGB LEDs with a small microcontroller tucked tucked away inside, and so far there is no design house or fab plant in China that is crazy enough to add one of these tiny dies to an already overpowered LED. To build the Pixie, [Ytai] took a bare RGB LED module and added a microcontroller – a PIC12FF157X in this case. It’s not exactly a powerful microcontroller, but it can handle the shift register-like function of an individually addressable RGB, and adds gamma correction, over heating protection (something necessary when you’re dumping this much power into a tiny board, and other safeguards for each individual LED.

[Ytai] is working with Adafruit to produce these Pixies, and although they’re rather expensive at $15 per LED, you won’t need very many to blind yourself.

Stegosploit: Owned By A JPG

We’re primarily hardware hackers, but every once in a while we see a software hack that really tickles our fancy. One such hack is Stegosploit, by [Saumil Shah]. Stegosploit isn’t really an exploit, so much as it’s a means of delivering exploits to browsers by hiding them in pictures. Why? Because nobody expects a picture to contain executable code.

stegosploit_diagram[Saumil] starts off by packing the real exploit code into an image. He demonstrates that you can do this directly, by encoding characters of the code in the color values of the pixels. But that would look strange, so instead the code is delivered steganographically by spreading the bits of the characters that represent the code among the least-significant bits in either a JPG or PNG image.

OK, so the exploit code is hidden in the picture. Reading it out is actually simple: the HTML canvas element has a built-in getImageData() method that reads the (numeric) value of a given pixel. A little bit of JavaScript later, and you’ve reconstructed your code from the image. This is sneaky because there’s exploit code that’s now runnable in your browser, but your anti-virus software won’t see it because it wasn’t ever written out — it was in the image and reconstructed on the fly by innocuous-looking “normal” JavaScript.

232115_1366x1792_scrotAnd here’s the coup de grâce. By packing HTML and JavaScript into the header data of the image file, you can end up with a valid image (JPG or PNG) file that will nonetheless be interpreted as HTML by a browser. The simplest way to do this is send your file myPic.JPG from the webserver with a Content-Type: text/html HTTP header. Even though it’s a totally valid image file, with an image file extension, a browser will treat it as HTML, render the page and run the script it finds within.

The end result of this is a single image that the browser thinks is HTML with JavaScript inside it, which displays the image in question and at the same time unpacks the exploit code that’s hidden in the shadows of the image and runs that as well. You’re owned by a single image file! And everything looks normal.

We like this because it combines two sweet tricks in one hack: steganography to deliver the exploit code, and “polyglot” files that can be read two ways, depending on which application is doing the reading. A quick tag-search of Hackaday will dig up a lot on steganography here, but polyglot files are a relatively new hack.

[Ange Ablertini] is the undisputed master of packing one file type inside another, so if you want to get into the nitty-gritty of [Ange]’s style of “polyglot” file types, watch his talk on “Funky File Formats” (YouTube). You’ll never look at a ZIP file the same again.

Sweet hack, right? Who says the hardware guys get to have all the fun?

Code Craft – Embedding C++: Classes

For many embedded C developers the most predominate and questionable feature of C++ is the class. The concern is that classes are complex and therefore will introduce code bloat and increase runtimes in systems where timing is critical. Those concerns implicate C++ as not suitable for embedded systems. I’ll bravely assert up front that these concerns are unfounded.

When [Bjarne Stroustrup] created C++ he built it upon C to continue that language’s heritage of performance. Additionally, he added features in a way that if you don’t use them, you don’t pay for them.

Continue reading “Code Craft – Embedding C++: Classes”

Retrotechtacular: Cold War-Era Hardware Keyloggers

As Cold War tensions increased throughout the 1970s, the Soviets pulled out all the stops when it came to digging up information from US diplomats. This NSA memo from 2012 explains how several IBM Selectric typewriters used in the Moscow and Leningrad offices were successfully bugged with electromechanical devices that could possibly have been the world’s first keyloggers.

The Selectric prints with a ball that is spun and tilted to select the desired character. Two mechanical arms control the ball’s spin and tilt, and the keylogger read out the position of those arms. Thus, each character on the Selectric’s type element ball has its own signature. The sensing part of the keylogging mechanism was buried in part of the typewriter chassis, a metal bar that spans the width of the machine, and were so well hidden that they could only have been detected by complete dissassembly or x-ray.

Continue reading “Retrotechtacular: Cold War-Era Hardware Keyloggers”

The Latest, Best WiFi Module Has Been Announced

A little more than a year ago, a new product was released onto the vast, vast marketplace of cheap electronics. It was the ESP8266, and this tiny and cheap WiFi module has since taken over the space of hobbyist electronics and become the de facto standard for connecting tiny microcontrollers to the Internet.

Now there’s an upgrade on the horizon. [John Lee], the public face of Espressif, the makers of the ESP8266, has announced the next product they’re working on. It’s called the ESP32, and if the specs given are correct, it looks to be the next great thing for the Internet of Things.

The ESP32 will now contain two Tensilica processors running at 160MHz, compared to the ‘8266’s one processor running at 80 MHz. The amount of RAM has been increased to 400 kB, Bluetooth LE has been added, WiFi is faster, and there are even more peripherals tucked away in this tiny piece of silicon.

The new ESP32 includes new, simplified APIs and unlike when the ESP8266 was announced, documentation in English.

Right now, Espressif is beta testing the ESP32, with about 200 boards manufactured so far. If you’re one of the few lucky people who have one of these boards on your workbench, we’d love to see your take on it.